Protecting your users' data with just a username and password is no longer satisfactory. Two-factor authentication (2FA) is the primary method of countering the effects of stolen passwords and is easy to implement in your web application. In this session we will discuss what two-factor authentication is, how it works and the challenges associated with it. We will then look at how to integrate two-factor authentication into your PHP application's login workflow. We'll consider both YubiKey and Google Authenticator implementations, so you can make your users' accounts more secure.

Comments

Experienced presenter that took his time and spoke with confidence. Handled questions responsibly, answering and reflecting on those that he could and acknowledging when he didn't know the answer.

Genuinely interesting topic as I didn't know how 2FA worked. Would have been good to hear some more thought leadership probing some questions about its usage etc.

Craig Francis at 11:32 on 13 Apr 2017

Good talk, as I've been meaning to look at the inner workings of Two Factor Authentication (the algorithm).

The simplicity will hopefully push me to implement it soon, but I also appreciate the comments that while the basic check is easy, we need to develop a full solution - e.g. ability to remember the browser (to avoid annoying the customer); and a fallback process (when the user drops/loses their phone).

Lucia Velasco at 11:52 on 13 Apr 2017

It was pitched perfectly for me. The combination of technical concepts with straightforward language was really helpful, I came away feeling that I'd learnt a lot about one subject, including actionable information and an understanding of some of the technical language (acronyms) in this area. It was very useful that concise yet complete tidbits of whats and hows were peppered throughout without being code heavy (what should I use, how should I use it), as a result 2FA feels very doable without the need to re-research it.

I benefitted from the frequent reminders that users are inherently lazy, as well as the questions afterwards which probed the feasibility of this becoming mainstream.

A genuinely engaging and interesting talk from a very experienced presenter.

Well written, not rushed. Informative enough, but not confounding for those with no experience with 2FA.

Showed how easy it is to implement and critically - inspired probably more than just myself to go away and put it in place in their applications.